Control systems often utilize programmable devices, such as microprocessor-based programmable logic controllers (PLCs) that execute software instructions, and the like. Certain industries, such as the nuclear power industry, have become increasingly concerned with the risks associated with programmable systems.
A programmable device is often a single point of failure in a control system. If the microprocessor operates incorrectly, whether due to a microprocessor fault or a software bug, the entire control system can be negatively impacted. This is particularly problematic in certain environments, such as a nuclear power generation facility.
Consequently, regulations impose substantial requirements on a PLC-based control system, such as multiple channels and a diverse actuation system (DAS) for the reactor protection system (RPS), making such systems increasingly complex. The time and costs associated with obtaining Nuclear Regulatory Commission (NRC) design certification have increased substantially in recent years, particularly for programmable control systems. One result of this is that existing nuclear utilities are reluctant to change or replace their original designs with newer systems, both because of the inherent or perceived risk of software common cause failures and because of the resources required to process a license amendment request (LAR) and obtain NRC approval.